summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--pym/_emerge/BinpkgFetcher.py2
-rw-r--r--pym/_emerge/SpawnProcess.py14
2 files changed, 14 insertions, 2 deletions
diff --git a/pym/_emerge/BinpkgFetcher.py b/pym/_emerge/BinpkgFetcher.py
index 6c1dde93e..baea4d6d7 100644
--- a/pym/_emerge/BinpkgFetcher.py
+++ b/pym/_emerge/BinpkgFetcher.py
@@ -100,6 +100,8 @@ class BinpkgFetcher(SpawnProcess):
self.args = fetch_args
self.env = fetch_env
+ if settings.selinux_enabled():
+ self._selinux_type = settings["PORTAGE_FETCH_T"]
SpawnProcess._start(self)
def _pipe(self, fd_pipes):
diff --git a/pym/_emerge/SpawnProcess.py b/pym/_emerge/SpawnProcess.py
index bc861e9c5..b72971c87 100644
--- a/pym/_emerge/SpawnProcess.py
+++ b/pym/_emerge/SpawnProcess.py
@@ -8,6 +8,7 @@ import portage
from portage import _encodings
from portage import _unicode_encode
from portage import os
+from portage.const import BASH_BINARY
import fcntl
import errno
import gzip
@@ -25,7 +26,7 @@ class SpawnProcess(SubProcess):
"path_lookup", "pre_exec")
__slots__ = ("args",) + \
- _spawn_kwarg_names
+ _spawn_kwarg_names + ("_selinux_type",)
_file_names = ("log", "process", "stdout")
_files_dict = slot_dict_class(_file_names, prefix="")
@@ -146,7 +147,16 @@ class SpawnProcess(SubProcess):
return os.pipe()
def _spawn(self, args, **kwargs):
- return portage.process.spawn(args, **kwargs)
+ spawn_func = portage.process.spawn
+
+ if self._selinux_type is not None:
+ spawn_func = portage.selinux.spawn_wrapper(spawn_func,
+ self._selinux_type)
+ # bash is an allowed entrypoint, while most binaries are not
+ if args[0] != BASH_BINARY:
+ args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
+
+ return spawn_func(args, **kwargs)
def _output_handler(self, fd, event):